This commit is contained in:
@@ -22,10 +22,6 @@ pub struct AppConfig {
|
|||||||
#[clap(short = 'S', long, env, default_value = "")]
|
#[clap(short = 'S', long, env, default_value = "")]
|
||||||
secret: String,
|
secret: String,
|
||||||
|
|
||||||
/// Specify whether the cookie should be transmitted only over secure connections
|
|
||||||
#[clap(long, env)]
|
|
||||||
pub cookie_secure: bool,
|
|
||||||
|
|
||||||
/// Unsecure : for development, bypass authentication, using the account with the given
|
/// Unsecure : for development, bypass authentication, using the account with the given
|
||||||
/// email address by default
|
/// email address by default
|
||||||
#[clap(long, env)]
|
#[clap(long, env)]
|
||||||
@@ -161,23 +157,6 @@ impl AppConfig {
|
|||||||
self.unsecure_auto_login_email().is_some()
|
self.unsecure_auto_login_email().is_some()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get auth cookie domain
|
|
||||||
pub fn cookie_domain(&self) -> Option<String> {
|
|
||||||
if cfg!(debug_assertions) {
|
|
||||||
let domain = self.website_origin.split_once("://")?.1;
|
|
||||||
Some(
|
|
||||||
domain
|
|
||||||
.split_once(':')
|
|
||||||
.map(|s| s.0)
|
|
||||||
.unwrap_or(domain)
|
|
||||||
.to_string(),
|
|
||||||
)
|
|
||||||
} else {
|
|
||||||
// In release mode, the web app is hosted on the same origin as the API
|
|
||||||
None
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Get app secret
|
/// Get app secret
|
||||||
pub fn secret(&self) -> &str {
|
pub fn secret(&self) -> &str {
|
||||||
let mut secret = self.secret.as_str();
|
let mut secret = self.secret.as_str();
|
||||||
|
|||||||
@@ -63,24 +63,23 @@ pub async fn download(
|
|||||||
pub async fn serve_file(req: HttpRequest, file: &File, download_file: bool) -> HttpResult {
|
pub async fn serve_file(req: HttpRequest, file: &File, download_file: bool) -> HttpResult {
|
||||||
if !download_file {
|
if !download_file {
|
||||||
// Check if the browser already knows the etag
|
// Check if the browser already knows the etag
|
||||||
if let Some(c) = req.headers().get(header::IF_NONE_MATCH) {
|
if let Some(c) = req.headers().get(header::IF_NONE_MATCH)
|
||||||
if c.to_str().unwrap_or("") == file.sha512.as_str() {
|
&& c.to_str().unwrap_or("") == file.sha512.as_str()
|
||||||
|
{
|
||||||
return Ok(HttpResponse::NotModified().finish());
|
return Ok(HttpResponse::NotModified().finish());
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Check if the browser already knows the file by date
|
// Check if the browser already knows the file by date
|
||||||
if let Some(c) = req.headers().get(header::IF_MODIFIED_SINCE) {
|
if let Some(c) = req.headers().get(header::IF_MODIFIED_SINCE) {
|
||||||
let date_str = c.to_str().unwrap_or("");
|
let date_str = c.to_str().unwrap_or("");
|
||||||
if let Ok(date) = httpdate::parse_http_date(date_str) {
|
if let Ok(date) = httpdate::parse_http_date(date_str)
|
||||||
if date.add(Duration::from_secs(1))
|
&& date.add(Duration::from_secs(1))
|
||||||
>= time_utils::unix_to_system_time(file.time_create as u64)
|
>= time_utils::unix_to_system_time(file.time_create as u64)
|
||||||
{
|
{
|
||||||
return Ok(HttpResponse::NotModified().finish());
|
return Ok(HttpResponse::NotModified().finish());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
let mut res = HttpResponse::Ok();
|
let mut res = HttpResponse::Ok();
|
||||||
res.content_type(file.mime_type.as_str())
|
res.content_type(file.mime_type.as_str())
|
||||||
.insert_header(("etag", file.sha512.as_str()))
|
.insert_header(("etag", file.sha512.as_str()))
|
||||||
|
|||||||
@@ -64,11 +64,11 @@ pub async fn get_list_of_account(
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(limit) = query.limit {
|
if let Some(limit) = query.limit
|
||||||
if list.len() > limit {
|
&& list.len() > limit
|
||||||
|
{
|
||||||
list = list[..limit].to_vec();
|
list = list[..limit].to_vec();
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
Ok(HttpResponse::Ok().json(list))
|
Ok(HttpResponse::Ok().json(list))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -120,8 +120,9 @@ impl FromRequest for AuthExtractor {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check IP restriction
|
// Check IP restriction
|
||||||
if let Some(net) = token.ip_net() {
|
if let Some(net) = token.ip_net()
|
||||||
if !net.contains(&remote_ip.0) {
|
&& !net.contains(&remote_ip.0)
|
||||||
|
{
|
||||||
log::error!(
|
log::error!(
|
||||||
"Trying to use token {:?} from unauthorized IP address: {remote_ip:?}",
|
"Trying to use token {:?} from unauthorized IP address: {remote_ip:?}",
|
||||||
token.id()
|
token.id()
|
||||||
@@ -130,7 +131,6 @@ impl FromRequest for AuthExtractor {
|
|||||||
"This token cannot be used from this IP address!",
|
"This token cannot be used from this IP address!",
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Check for write access
|
// Check for write access
|
||||||
if token.read_only && !req.method().is_safe() {
|
if token.read_only && !req.method().is_safe() {
|
||||||
@@ -163,11 +163,11 @@ impl FromRequest for AuthExtractor {
|
|||||||
};
|
};
|
||||||
|
|
||||||
// Update last use (if needed)
|
// Update last use (if needed)
|
||||||
if token.shall_update_time_used() {
|
if token.shall_update_time_used()
|
||||||
if let Err(e) = tokens_service::update_time_used(&token).await {
|
&& let Err(e) = tokens_service::update_time_used(&token).await
|
||||||
|
{
|
||||||
log::error!("Failed to refresh last usage of token! {e}");
|
log::error!("Failed to refresh last usage of token! {e}");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Handle tokens expiration
|
// Handle tokens expiration
|
||||||
if token.is_expired() {
|
if token.is_expired() {
|
||||||
|
|||||||
@@ -23,11 +23,11 @@ impl UpdateInboxEntryQuery {
|
|||||||
let constraints = ServerConstraints::default();
|
let constraints = ServerConstraints::default();
|
||||||
|
|
||||||
// Check inbox entry label
|
// Check inbox entry label
|
||||||
if let Some(label) = &self.label {
|
if let Some(label) = &self.label
|
||||||
if !constraints.inbox_entry_label.check_str(label) {
|
&& !constraints.inbox_entry_label.check_str(label)
|
||||||
|
{
|
||||||
return Ok(Some("Invalid inbox entry label length!"));
|
return Ok(Some("Invalid inbox entry label length!"));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Check the referenced movement
|
// Check the referenced movement
|
||||||
if let Some(movement_id) = self.movement_id {
|
if let Some(movement_id) = self.movement_id {
|
||||||
|
|||||||
@@ -55,13 +55,12 @@ impl UpdateMovementQuery {
|
|||||||
if let Ok(movement) =
|
if let Ok(movement) =
|
||||||
get_by_account_label_amount_time(self.account_id, &self.label, self.amount, self.time)
|
get_by_account_label_amount_time(self.account_id, &self.label, self.amount, self.time)
|
||||||
.await
|
.await
|
||||||
|
&& Some(movement.id()) != ref_movement
|
||||||
{
|
{
|
||||||
if Some(movement.id()) != ref_movement {
|
|
||||||
return Ok(Some(
|
return Ok(Some(
|
||||||
"A movement taken at the same time with the same label and the same amount already exists!",
|
"A movement taken at the same time with the same label and the same amount already exists!",
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
Ok(None)
|
Ok(None)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user